Thanks for the response. The problem is that with libgtk, "--enable- debug=no" alters the logic within the library, and actually allows undefined behavior, by disabling code assertions and cast checks.
This makes it easy for library and application developers to make mistakes leading to "undefined behavior," like invalid memory accesses. I am not familiar enough with the libgtk code base, so I cannot say if "undefined behavior" includes potentially exploitable security issues (due to memory accesses). The solution is to build libgtk with "--enable-debug=minimum", which is recommended by the GTK packaging guidelines. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1641358 Title: libgtk-3 should avoid configuration --enable-debug=no Status in gtk+3.0 package in Ubuntu: New Bug description: The packaging guidelines for libgtk say to avoid using "--enable- debug=no" when packaging stable releases of GTK+. [1] The "--enable-debug=no" option can cause subtle errors and should be avoided. "--disable-debug" is another alias for this configuration option. More info and discussion at the Gtk-rs project (Rust bindings for GTK). [2] [1]: https://developer.gnome.org/gtk3/stable/gtk-building.html#extra-configuration-options [2]: https://github.com/gtk-rs/gtk/issues/270 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1641358/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
